@better-auth/sso 1.3.0-beta.1 → 1.3.0-beta.11

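--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,6 +1,6 @@
  import * as better_call from 'better-call';
  import { User, OAuth2Tokens } from 'better-auth';
- import { z } from 'zod';
+ import * as z from 'zod/v4';
 
  interface OIDCConfig {
  issuer: string;
@@ -96,6 +96,21 @@ interface SSOOptions {
  * sign-in need to be called with with requestSignUp as true to create new users.
  */
  disableImplicitSignUp?: boolean;
+ /**
+ * Configure the maximum number of SSO providers a user can register.
+ * You can also pass a function that returns a number.
+ * Set to 0 to disable SSO provider registration.
+ *
+ * @example
+ * ```ts
+ * providersLimit: async (user) => {
+ * const plan = await getUserPlan(user);
+ * return plan.name === "pro" ? 10 : 1;
+ * }
+ * ```
+ * @default 10
+ */
+ providersLimit?: number | ((user: User) => Promise<number> | number);
  }
  declare const sso: (options?: SSOOptions) => {
  id: "sso";
@@ -132,14 +147,11 @@ declare const sso: (options?: SSOOptions) => {
  method: "GET";
  query: z.ZodObject<{
  providerId: z.ZodString;
- format: z.ZodDefault<z.ZodEnum<["xml", "json"]>>;
- }, "strip", z.ZodTypeAny, {
- providerId: string;
- format: "xml" | "json";
- }, {
- providerId: string;
- format?: "xml" | "json" | undefined;
- }>;
+ format: z.ZodDefault<z.ZodEnum<{
+ xml: "xml";
+ json: "json";
+ }>>;
+ }, z.core.$strip>;
  metadata: {
  openapi: {
  summary: string;
@@ -175,20 +187,19 @@ declare const sso: (options?: SSOOptions) => {
  pkce?: boolean | undefined;
  } | undefined;
  samlConfig?: {
+ entryPoint: string;
+ cert: string;
+ callbackUrl: string;
  spMetadata: {
  metadata: string;
+ binding?: string | undefined;
  privateKey?: string | undefined;
  privateKeyPass?: string | undefined;
  isAssertionEncrypted?: boolean | undefined;
  encPrivateKey?: string | undefined;
  encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
  };
- entryPoint: string;
- cert: string;
- callbackUrl: string;
  audience?: string | undefined;
- privateKey?: string | undefined;
  idpMetadata?: {
  metadata: string;
  privateKey?: string | undefined;
@@ -201,8 +212,9 @@ declare const sso: (options?: SSOOptions) => {
  signatureAlgorithm?: string | undefined;
  digestAlgorithm?: string | undefined;
  identifierFormat?: string | undefined;
+ privateKey?: string | undefined;
  decryptionPvk?: string | undefined;
- additionalParams?: Record<string, string> | undefined;
+ additionalParams?: Record<string, any> | undefined;
  } | undefined;
  mapping?: {
  id: string;
@@ -210,7 +222,7 @@ declare const sso: (options?: SSOOptions) => {
  name: string;
  emailVerified?: string | undefined;
  image?: string | undefined;
- extraFields?: Record<string, string> | undefined;
+ extraFields?: Record<string, any> | undefined;
  } | undefined;
  organizationId?: string | undefined;
  overrideUserInfo?: boolean | undefined;
@@ -265,34 +277,15 @@ declare const sso: (options?: SSOOptions) => {
  authorizationEndpoint: z.ZodOptional<z.ZodString>;
  tokenEndpoint: z.ZodOptional<z.ZodString>;
  userInfoEndpoint: z.ZodOptional<z.ZodString>;
- tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
+ tokenEndpointAuthentication: z.ZodOptional<z.ZodEnum<{
+ client_secret_post: "client_secret_post";
+ client_secret_basic: "client_secret_basic";
+ }>>;
  jwksEndpoint: z.ZodOptional<z.ZodString>;
  discoveryEndpoint: z.ZodOptional<z.ZodString>;
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
  pkce: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
- }, "strip", z.ZodTypeAny, {
- clientId: string;
- clientSecret: string;
- authorizationEndpoint?: string | undefined;
- tokenEndpoint?: string | undefined;
- userInfoEndpoint?: string | undefined;
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
- jwksEndpoint?: string | undefined;
- discoveryEndpoint?: string | undefined;
- scopes?: string[] | undefined;
- pkce?: boolean | undefined;
- }, {
- clientId: string;
- clientSecret: string;
- authorizationEndpoint?: string | undefined;
- tokenEndpoint?: string | undefined;
- userInfoEndpoint?: string | undefined;
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
- jwksEndpoint?: string | undefined;
- discoveryEndpoint?: string | undefined;
- scopes?: string[] | undefined;
- pkce?: boolean | undefined;
- }>>;
+ }, z.core.$strip>>;
  samlConfig: z.ZodOptional<z.ZodObject<{
  entryPoint: z.ZodString;
  cert: z.ZodString;
@@ -305,21 +298,7 @@ declare const sso: (options?: SSOOptions) => {
  isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
  encPrivateKey: z.ZodOptional<z.ZodString>;
  encPrivateKeyPass: z.ZodOptional<z.ZodString>;
- }, "strip", z.ZodTypeAny, {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- }, {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- }>>;
+ }, z.core.$strip>>;
  spMetadata: z.ZodObject<{
  metadata: z.ZodString;
  binding: z.ZodOptional<z.ZodString>;
@@ -328,243 +307,43 @@ declare const sso: (options?: SSOOptions) => {
  isAssertionEncrypted: z.ZodOptional<z.ZodBoolean>;
  encPrivateKey: z.ZodOptional<z.ZodString>;
  encPrivateKeyPass: z.ZodOptional<z.ZodString>;
- }, "strip", z.ZodTypeAny, {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- }, {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- }>;
+ }, z.core.$strip>;
  wantAssertionsSigned: z.ZodOptional<z.ZodBoolean>;
  signatureAlgorithm: z.ZodOptional<z.ZodString>;
  digestAlgorithm: z.ZodOptional<z.ZodString>;
  identifierFormat: z.ZodOptional<z.ZodString>;
  privateKey: z.ZodOptional<z.ZodString>;
  decryptionPvk: z.ZodOptional<z.ZodString>;
- additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
- }, "strip", z.ZodTypeAny, {
- spMetadata: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- };
- entryPoint: string;
- cert: string;
- callbackUrl: string;
- audience?: string | undefined;
- privateKey?: string | undefined;
- idpMetadata?: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- } | undefined;
- wantAssertionsSigned?: boolean | undefined;
- signatureAlgorithm?: string | undefined;
- digestAlgorithm?: string | undefined;
- identifierFormat?: string | undefined;
- decryptionPvk?: string | undefined;
- additionalParams?: Record<string, string> | undefined;
- }, {
- spMetadata: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- };
- entryPoint: string;
- cert: string;
- callbackUrl: string;
- audience?: string | undefined;
- privateKey?: string | undefined;
- idpMetadata?: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- } | undefined;
- wantAssertionsSigned?: boolean | undefined;
- signatureAlgorithm?: string | undefined;
- digestAlgorithm?: string | undefined;
- identifierFormat?: string | undefined;
- decryptionPvk?: string | undefined;
- additionalParams?: Record<string, string> | undefined;
- }>>;
+ additionalParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+ }, z.core.$strip>>;
  mapping: z.ZodOptional<z.ZodObject<{
  id: z.ZodString;
  email: z.ZodString;
  emailVerified: z.ZodOptional<z.ZodString>;
  name: z.ZodString;
  image: z.ZodOptional<z.ZodString>;
- extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
- }, "strip", z.ZodTypeAny, {
- id: string;
- email: string;
- name: string;
- emailVerified?: string | undefined;
- image?: string | undefined;
- extraFields?: Record<string, string> | undefined;
- }, {
- id: string;
- email: string;
- name: string;
- emailVerified?: string | undefined;
- image?: string | undefined;
- extraFields?: Record<string, string> | undefined;
- }>>;
+ extraFields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+ }, z.core.$strip>>;
  organizationId: z.ZodOptional<z.ZodString>;
  overrideUserInfo: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
- }, "strip", z.ZodTypeAny, {
- providerId: string;
- issuer: string;
- domain: string;
- oidcConfig?: {
- clientId: string;
- clientSecret: string;
- authorizationEndpoint?: string | undefined;
- tokenEndpoint?: string | undefined;
- userInfoEndpoint?: string | undefined;
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
- jwksEndpoint?: string | undefined;
- discoveryEndpoint?: string | undefined;
- scopes?: string[] | undefined;
- pkce?: boolean | undefined;
- } | undefined;
- samlConfig?: {
- spMetadata: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- };
- entryPoint: string;
- cert: string;
- callbackUrl: string;
- audience?: string | undefined;
- privateKey?: string | undefined;
- idpMetadata?: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- } | undefined;
- wantAssertionsSigned?: boolean | undefined;
- signatureAlgorithm?: string | undefined;
- digestAlgorithm?: string | undefined;
- identifierFormat?: string | undefined;
- decryptionPvk?: string | undefined;
- additionalParams?: Record<string, string> | undefined;
- } | undefined;
- mapping?: {
- id: string;
- email: string;
- name: string;
- emailVerified?: string | undefined;
- image?: string | undefined;
- extraFields?: Record<string, string> | undefined;
- } | undefined;
- organizationId?: string | undefined;
- overrideUserInfo?: boolean | undefined;
- }, {
- providerId: string;
- issuer: string;
- domain: string;
- oidcConfig?: {
- clientId: string;
- clientSecret: string;
- authorizationEndpoint?: string | undefined;
- tokenEndpoint?: string | undefined;
- userInfoEndpoint?: string | undefined;
- tokenEndpointAuthentication?: "client_secret_post" | "client_secret_basic" | undefined;
- jwksEndpoint?: string | undefined;
- discoveryEndpoint?: string | undefined;
- scopes?: string[] | undefined;
- pkce?: boolean | undefined;
- } | undefined;
- samlConfig?: {
- spMetadata: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- binding?: string | undefined;
- };
- entryPoint: string;
- cert: string;
- callbackUrl: string;
- audience?: string | undefined;
- privateKey?: string | undefined;
- idpMetadata?: {
- metadata: string;
- privateKey?: string | undefined;
- privateKeyPass?: string | undefined;
- isAssertionEncrypted?: boolean | undefined;
- encPrivateKey?: string | undefined;
- encPrivateKeyPass?: string | undefined;
- } | undefined;
- wantAssertionsSigned?: boolean | undefined;
- signatureAlgorithm?: string | undefined;
- digestAlgorithm?: string | undefined;
- identifierFormat?: string | undefined;
- decryptionPvk?: string | undefined;
- additionalParams?: Record<string, string> | undefined;
- } | undefined;
- mapping?: {
- id: string;
- email: string;
- name: string;
- emailVerified?: string | undefined;
- image?: string | undefined;
- extraFields?: Record<string, string> | undefined;
- } | undefined;
- organizationId?: string | undefined;
- overrideUserInfo?: boolean | undefined;
- }>;
+ }, z.core.$strip>;
  use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
  session: {
  session: Record<string, any> & {
  id: string;
- token: string;
  userId: string;
  expiresAt: Date;
  createdAt: Date;
  updatedAt: Date;
+ token: string;
  ipAddress?: string | null | undefined;
  userAgent?: string | null | undefined;
  };
  user: Record<string, any> & {
  id: string;
- name: string;
- emailVerified: boolean;
  email: string;
+ emailVerified: boolean;
+ name: string;
  createdAt: Date;
  updatedAt: Date;
  image?: string | null | undefined;
@@ -732,13 +511,13 @@ declare const sso: (options?: SSOOptions) => {
  <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(inputCtx_0: {
  body: {
  callbackURL: string;
- providerId?: string | undefined;
- domain?: string | undefined;
- scopes?: string[] | undefined;
  email?: string | undefined;
  organizationSlug?: string | undefined;
+ providerId?: string | undefined;
+ domain?: string | undefined;
  errorCallbackURL?: string | undefined;
  newUserCallbackURL?: string | undefined;
+ scopes?: string[] | undefined;
  requestSignUp?: boolean | undefined;
  providerType?: "oidc" | "saml" | undefined;
  };
@@ -780,32 +559,13 @@ declare const sso: (options?: SSOOptions) => {
  callbackURL: z.ZodString;
  errorCallbackURL: z.ZodOptional<z.ZodString>;
  newUserCallbackURL: z.ZodOptional<z.ZodString>;
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
  requestSignUp: z.ZodOptional<z.ZodBoolean>;
- providerType: z.ZodOptional<z.ZodEnum<["oidc", "saml"]>>;
- }, "strip", z.ZodTypeAny, {
- callbackURL: string;
- providerId?: string | undefined;
- domain?: string | undefined;
- scopes?: string[] | undefined;
- email?: string | undefined;
- organizationSlug?: string | undefined;
- errorCallbackURL?: string | undefined;
- newUserCallbackURL?: string | undefined;
- requestSignUp?: boolean | undefined;
- providerType?: "oidc" | "saml" | undefined;
- }, {
- callbackURL: string;
- providerId?: string | undefined;
- domain?: string | undefined;
- scopes?: string[] | undefined;
- email?: string | undefined;
- organizationSlug?: string | undefined;
- errorCallbackURL?: string | undefined;
- newUserCallbackURL?: string | undefined;
- requestSignUp?: boolean | undefined;
- providerType?: "oidc" | "saml" | undefined;
- }>;
+ providerType: z.ZodOptional<z.ZodEnum<{
+ oidc: "oidc";
+ saml: "saml";
+ }>>;
+ }, z.core.$strip>;
  metadata: {
  openapi: {
  summary: string;
@@ -917,17 +677,7 @@ declare const sso: (options?: SSOOptions) => {
  state: z.ZodString;
  error: z.ZodOptional<z.ZodString>;
  error_description: z.ZodOptional<z.ZodString>;
- }, "strip", z.ZodTypeAny, {
- state: string;
- code?: string | undefined;
- error?: string | undefined;
- error_description?: string | undefined;
- }, {
- state: string;
- code?: string | undefined;
- error?: string | undefined;
- error_description?: string | undefined;
- }>;
+ }, z.core.$strip>;
  metadata: {
  isAction: boolean;
  openapi: {
@@ -973,26 +723,14 @@ declare const sso: (options?: SSOOptions) => {
  returnHeaders?: ReturnHeaders | undefined;
  }): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
  headers: Headers;
- response: {
- redirect: boolean;
- url: string;
- };
- } : {
- redirect: boolean;
- url: string;
- }>;
+ response: never;
+ } : never>;
  options: {
  method: "POST";
  body: z.ZodObject<{
  SAMLResponse: z.ZodString;
  RelayState: z.ZodOptional<z.ZodString>;
- }, "strip", z.ZodTypeAny, {
- SAMLResponse: string;
- RelayState?: string | undefined;
- }, {
- SAMLResponse: string;
- RelayState?: string | undefined;
- }>;
+ }, z.core.$strip>;
  metadata: {
  isAction: boolean;
  openapi: {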
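Review bot: `additionalParams` and `extraFields` in the provider-registration body are widened from `z.ZodRecord<z.ZodString, z.ZodString>` to `z.ZodRecord<z.ZodString, z.ZodAny>` (new-side lines 217, 225, 317 and 325), so the schema no longer restricts these request-supplied values to strings, and `any` lets downstream code use them without narrowing. This is an emitted declaration file, so how the values are stored or forwarded is not visible here and the concern is about the contract only. If non-string values really are needed, typing the record value as `z.ZodUnknown`, which infers `additionalParams?: Record<string, unknown> | undefined;`, would keep the flexibility while forcing a type check before use. The change belongs in the source schema this `.d.ts` is generated from, not in `dist/`.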